richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

2 changed files:

Changes:

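--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -41,14 +41,19 @@ pref("dom.security.https_only_mode.upgrade_onion", false);
 
 // Bug 40423/41137: Disable http/3
 // We should re-enable it as soon as Tor gets UDP support
-pref("network.http.http3.enabled", false);
+pref("network.http.http3.enable", false);
 
 // 0 = do not use a second connection, see all.js and #7656
 pref("network.http.connection-retry-timeout", 0);
 
 #expand pref("torbrowser.version", __BASE_BROWSER_VERSION_QUOTED__);
 
-// Old torbutton pref
+// Tor Browser used to be compatible with non-Tor proxies. This feature is not
+// available anymore, but this legacy preference can be still used to disable
+// first-party domain circuit isolation.
+// In general, it should not be used. This use-case is still supported only for
+// sites that break with this isolation (and even in that case, its use should
+// be reduced to the strictly required time).
 pref("extensions.torbutton.use_nontor_proxy", false);
 
 // Browser home page:
@@ -61,8 +66,6 @@ pref("browser.download.showTorWarning", true);
 pref("extensions.torbutton.pref_fixup_version", 0);
 
 // Formerly tor-launcher defaults
-// When presenting the setup wizard, first prompt for locale.
-pref("intl.locale.matchOS", true);
 
 pref("extensions.torlauncher.start_tor", true);
 pref("extensions.torlauncher.prompt_at_startup", true);
@@ -112,7 +115,7 @@ pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.g
 pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
 pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4");
 
-// Recommended default bridge type (can be set per localized bundle).
+// Recommended default bridge type.
 // pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3");
 
 // Default bridges.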
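Review bot: The rename on new line 44 to `network.http.http3.enable` is not recorded in the comment above it, yet if, as the rename implies, that is the spelling Firefox actually reads, the previous `.enabled` line was never applied and HTTP/3 was not being disabled by this file at all. A maintainer at the next rebase could plausibly "fix" it back to the more natural-looking `.enabled`, so the comment should pin the spelling: `// Note: the pref is http3.enable (no trailing "d"); the old .enabled spelling was never read.` Whether a QUIC/UDP attempt could actually have bypassed the SOCKS proxy while the wrong pref was in place I cannot tell from here; if it could, `pref("network.http.http3.enable", false, locked);` would be justified, as the http2 prefs in 001-base-profile.js already are.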
    

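--- a/browser/app/profile/001-base-profile.js
+++ b/browser/app/profile/001-base-profile.js
@@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600);
 pref("app.update.staging.enabled", false);
 #endif
 
+pref("browser.startup.homepage_override.buildID", "20100101");
+
 // Disable the "Refresh" prompt that is displayed for stale profiles.
 pref("browser.disableResetPrompt", true);
 
@@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true);
 pref("browser.privatebrowsing.autostart", true);
 pref("browser.cache.disk.enable", false);
 pref("permissions.memory_only", true);
-pref("network.cookie.lifetimePolicy", 2);
 pref("security.nocertdb", true);
 pref("media.aboutwebrtc.hist.enabled", false);
 
@@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true);
 // Misc privacy: Disk
 pref("signon.rememberSignons", false);
 pref("browser.formfill.enable", false);
+pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496
 pref("signon.autofillForms", false);
+// Do not store extra data (form, scrollbar positions, cookies, POST data) for
+// the session restore functionality.
 pref("browser.sessionstore.privacy_level", 2);
 // Use the in-memory media cache and increase its maximum size (#29120)
 pref("browser.privatebrowsing.forceMediaMemoryCache", true);
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true);
 
 // Enable HTTPS-Only mode (tor-browser#19850)
 pref("dom.security.https_only_mode", true);
+// The previous pref automatically sets this to true (see StaticPrefList.yaml),
+// but set it anyway only as a defense-in-depth.
 pref("dom.security.https_only_mode_pbm", true);
 
 // tor-browser#22320: Hide referer when comming from a .onion address
@@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked);
 // Misc privacy: Remote
 pref("browser.send_pings", false);
 // Space separated list of URLs that are allowed to send objects (instead of
-// only strings) through webchannels.
+// only strings) through webchannels. The default for Firefox is some Mozilla
+// domains.
 pref("webchannel.allowObject.urlWhitelist", "");
 pref("geo.enabled", false);
 pref("geo.provider.network.url", "");
@@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false);
 pref("geo.provider.use_gpsd", false);
 pref("geo.provider.use_geoclue", false);
 pref("browser.search.suggest.enabled", false);
+pref("browser.search.suggest.enabled.private", false);
 pref("browser.urlbar.suggest.searches", false);
 pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
 pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
@@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", "");
 pref("browser.safebrowsing.provider.google4.gethashURL", "");
 pref("browser.safebrowsing.provider.mozilla.updateURL", "");
 pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
-pref("extensions.ui.lastCategory", "addons://list/extension");
 pref("datareporting.healthreport.uploadEnabled", false);
 pref("datareporting.policy.dataSubmissionEnabled", false);
 // Make sure Unified Telemetry is really disabled, see: #18738.
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false);
 pref("toolkit.telemetry.enabled", false, locked);
 pref("toolkit.telemetry.server", "data:,");
 pref("toolkit.telemetry.archive.enabled", false);
+pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496
 pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
 pref("toolkit.telemetry.bhrPing.enabled", false);
 pref("toolkit.telemetry.coverage.opt-out", true);
@@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", "");
 pref("browser.ping-centre.telemetry", false);
 pref("browser.tabs.crashReporting.sendReport", false);
 pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+// Added in tor-browser#41496 even though false by default
+pref("browser.crashReports.unsubmittedCheck.enabled", false);
+// Added in tor-browser#41496 even though it shuld be already always disabled
+// since we disable MOZ_CRASHREPORTER.
+pref("breakpad.reportURL", "data:");
 #ifdef XP_WIN
 // Defense-in-depth: ensure that the Windows default browser agent will
 // not ping Mozilla if it is somehow present (we omit it at build time).
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false);
 pref("services.sync.engine.prefs", false);
 pref("services.sync.engine.tabs", false);
 pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254)
-pref("browser.search.geoip.url", "");
 pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
-pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17)
+pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17)
 // Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
 pref("privacy.trackingprotection.enabled", false);
 pref("privacy.trackingprotection.pbmode.enabled", false);
@@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
 pref("browser.newtabpage.activity-stream.showSponsored", false);
 pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
 pref("browser.newtabpage.activity-stream.default.sites", "");
+// Activity Stream telemetry
 pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 pref("browser.newtabpage.activity-stream.telemetry", false);
 
-// tor-browser#41945 - disable automatic cookie banners dismissal until
-// we're sure it does not causes fingerprinting risks or other issues.
-pref("cookiebanners.service.mode", 0);
-pref("cookiebanners.service.mode.privateBrowsing", 0);
-pref("cookiebanners.ui.desktop.enabled", false);
-
 // tor-browser#40788: disable AS's calls to home.
 // Notice that null is between quotes because it is a JSON string.
 // Keep checked firefox.js to see if new entries are added.
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment
 // Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
 pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false);
 
+// tor-browser#41945 - disable automatic cookie banners dismissal until
+// we're sure it does not causes fingerprinting risks or other issues.
+pref("cookiebanners.service.mode", 0);
+pref("cookiebanners.service.mode.privateBrowsing", 0);
+pref("cookiebanners.ui.desktop.enabled", false);
+
 // Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
 pref("browser.preferences.moreFromMozilla", false);
 
@@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false);
 pref("extensions.screenshots.disabled", true);
 pref("extensions.webcompat-reporter.enabled", false);
 
+pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254)
 // Disable use of WiFi location information
 pref("browser.region.network.scan", false);
 pref("browser.region.network.url", "");
 pref("browser.region.local-geocoding", false);
-// Bug 40083: Make sure Region.jsm fetching is disabled
+// Bug 40083: Make sure Region.sys.mjs fetching is disabled
 pref("browser.region.update.enabled", false);
 
-// Don't load Mozilla domains in a separate tab process
+// Don't load Mozilla domains in a separate privileged tab process
+pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
 pref("browser.tabs.remote.separatedMozillaDomains", "");
 
 // Avoid DNS lookups on search terms
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0);
 // Disable website password breach alerts
 pref("signon.management.page.breach-alerts.enabled", false);
 
-// Disable remote "password recipes"
+// Disable remote "password recipes". They are a way to improve the UX of the
+// password manager by havinc specific heuristics for some sites.
+// It needs remote settings and in general we disable the password manager.
+// More information about this feature at
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454
 pref("signon.recipes.remoteRecipes.enabled", false);
 
-// Disable ServiceWorkers and push notifications by default
+// Disable ServiceWorkers by default. They do not work in PBM in any case.
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796
 pref("dom.serviceWorkers.enabled", false);
+// Push notifications use an online Mozilla service and a persistent ID stored
+// in dom.push.userAgentID, so disable them by default.
+// See also https://support.mozilla.org/kb/push-notifications-firefox
 pref("dom.push.enabled", false);
+// As a defense in depth measure, also set the push server URL to empty.
+// See tor-browser#18801.
+pref("dom.push.serverURL", "");
 
 // Fingerprinting
 // tor-browser#41797: For release builds, lock RFP
@@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true);
 pref("webgl.disable-fail-if-major-performance-caveat", true);
 // tor-browser#16404: disable until we investigate it further (#22333)
 pref("webgl.enable-webgl2", false);
-pref("browser.startup.homepage_override.buildID", "20100101");
 pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
 // Prevent scripts from moving and resizing open windows
 pref("dom.disable_window_move_resize", true);
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API
 // randomized IDs when this pref is true).
 // Defense-in-depth (already the default value) from Firefox 119 or 120.
 pref("media.devices.enumerate.legacy.enabled", false);
-pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
+// Bug 10286: Always disable Touch API.
+// We might need to deepen this topic, see tor-browser#42069.
+pref("dom.w3c_touch_events.enabled", 0);
 pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
 pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
 // Disable SAB, no matter if the sites are cross-origin isolated.
@@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
 pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
 // tor-browser#40123 and #40308: Disable for now until audit
 pref("privacy.partition.network_state", false);
+// Only accept cookies from the originating site (block third party cookies)
 pref("network.cookie.cookieBehavior", 1);
 pref("network.cookie.cookieBehavior.pbmode", 1);
 pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
@@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false);
 // Do not allow cross-origin sub-resources to open HTTP authentication
 // credentials dialogs. Hardens against potential credentials phishing.
 pref("network.auth.subresource-http-auth-allow", 1);
-// Disable sending additional analytics to web servers
+// Disable sending additional analytics to web servers.
+// This disables navigator.sendBeacon, even though this is discouraged by the
+// standard: https://w3c.github.io/beacon/#privacy-and-security
 pref("beacon.enabled", false);
 
 pref("network.dns.disablePrefetch", true);
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true);
 pref("network.protocol-handler.warn-external.news", true);
 pref("network.protocol-handler.warn-external.nntp", true);
 pref("network.protocol-handler.warn-external.snews", true);
+#ifdef XP_WIN
+  pref("network.protocol-handler.external.ms-windows-store", false);
+  pref("network.protocol-handler.warn-external.ms-windows-store", true);
+#endif
 pref("network.proxy.allow_bypass", false, locked); // #40682
 // Lock to 'true', which is already the firefox default, to prevent users
 // from making themselves fingerprintable by disabling. This pref
 // alters content load order in a page. See tor-browser#24686
 pref("network.http.tailing.enabled", true, locked);
 
-// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked
+// to firefox defaults to minimize network performance fingerprinting.
+// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
 pref("network.http.http2.enabled", true, locked);
 pref("network.http.http2.enabled.deps", true, locked);
 pref("network.http.http2.enforce-tls-profile", true, locked);
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked);
 pref("network.http.http2.persistent-settings", false, locked);
 pref("network.http.http2.ping-threshold", 58, locked);
 pref("network.http.http2.ping-timeout", 8, locked);
-pref("network.http.http2.send-buffer-size", 131072, locked);
+pref("network.http.http2.send-buffer-size", 0, locked);
 pref("network.http.http2.allow-push", true, locked);
 pref("network.http.http2.push-allowance", 131072, locked);
 pref("network.http.http2.pull-allowance", 12582912, locked);
 pref("network.http.http2.default-concurrent", 100, locked);
 pref("network.http.http2.default-hpack-buffer", 65536, locked);
-pref("network.http.http2.websockets", false, locked);
+pref("network.http.http2.websockets", true, locked);
 pref("network.http.http2.enable-hpack-dump", false, locked);
 
 // tor-browser#23044: Make sure we don't have any GIO supported protocols
@@ -467,10 +504,6 @@ pref("network.manage-offline-status", false);
 pref("network.captive-portal-service.enabled", false);
 pref("network.connectivity-service.enabled", false);
 pref("captivedetect.canonicalURL", "");
-// As a "defense in depth" measure, configure an empty push server URL (the
-// DOM Push features are disabled by default via other prefs).
-// See tor-browser#18801.
-pref("dom.push.serverURL", "");
 
 #ifdef XP_WIN
 // tor-browser#41683: Disable the network process on Windows
@@ -482,9 +515,7 @@ pref("network.process.enabled", false);
 
 // Extension support
 pref("extensions.autoDisableScopes", 0);
-pref("extensions.databaseSchema", 3);
 pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
-pref("extensions.pendingOperations", false);
 // We don't know what extensions Mozilla is advertising to our users and we
 // don't want to have some random Google Analytics script running either on the
 // about:addons page, see bug 22073, 22900 and 31601.
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false);
 pref("extensions.webextensions.restrictedDomains", "");
 // Don't give Mozilla-recommended third-party extensions special privileges.
 pref("extensions.postDownloadThirdPartyPrompt", false);
-// tor-browser#41701: Reporting an extension does not work
-// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400)
+// tor-browser#41701: Reporting an extension does not work. The request goes to
+// Mozilla and is always rejected anyway (HTTP 400).
 pref("extensions.abuseReport.enabled", false);
 // We are already providing the languages we support in multi-lingual packages.
 // Therefore, do not allow download of additional language packs. They are not a
@@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false);
 // Don't automatically enable enterprise roots, see bug 40166
 pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
 
-// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135
-pref("gfx.offscreencanvas.domain-enabled", false);
-pref("gfx.offscreencanvas.domain-allowlist", "");
-
 // Disable share menus on Mac and Windows tor-browser#41117
 pref("browser.menu.share_url.allow", false, locked);
 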
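Review bot: In the `@@ -395,13 +432,13 @@` hunk two locked values change (`network.http.http2.send-buffer-size` 131072 → 0 and `network.http.http2.websockets` false → true) but the rewritten comment above them still says only "locked to firefox defaults", without recording which Firefox release those defaults were read from, so at the next ESR rebase nobody can tell whether the locks still match upstream or have become a fingerprintable deviation. Suggest appending to that comment: `// Values mirror the Firefox 115 ESR defaults in StaticPrefList.yaml; re-check them at every rebase.` (assuming these are indeed the 115 defaults, which I cannot confirm from here). The locked `true` on `network.http.http2.websockets` also presumably newly permits WebSockets over HTTP/2 and prevents users from turning that off, which deserves a one-line note that it is intentional rather than a side effect of syncing. While touching that comment, `varoius` on the new line should read `various`, and the relocated cookie-banner comment still says `does not causes`.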